MOSEB-12: Vulnerabilities at www.altavista.com

19:46 12.06.2007

The next participant of the project is the AltaVista search engine. It is one of the popular search engines.

The vulnerabilities are at AltaVista (www.altavista.com) in the Images, MP3/Audio, Video and News search. I found these Cross-Site Scripting holes on 25.01.2007.

XSS:

The vulnerabilities are in the q parameter:
http://www.altavista.com/image/results?q=%3C/title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
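Why the `</title>` prefix in that value matters, shown as an added example that is not from the original post and is not AltaVista's code: the page template, function names and the crude script check below are assumptions made for illustration. It renders the same q value once without output encoding and once with HTML encoding.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed page template (assumption): the query is reflected in <title>
# and in the search box, as a results page typically does.
TEMPLATE = (
    "<html><head><title>Image results for {q}</title></head>"
    '<body><input name="q" value="{q}"></body></html>'
)

def query_from_url(url: str) -> str:
    """Return the percent-decoded q parameter, as the server would see it."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]

def render_vulnerable(q: str) -> str:
    # Flawed: the decoded value is placed in the markup verbatim, so a
    # "</title>" in q closes the element and the rest is parsed as HTML.
    return TEMPLATE.format(q=q)

def render_hardened(q: str) -> str:
    # Fixed: HTML-encode on output; quote=True also covers the attribute.
    return TEMPLATE.format(q=html.escape(q, quote=True))

def has_live_script(page: str) -> bool:
    """Crude check: did a raw <script> tag survive into the response?"""
    return "<script>" in page.lower()

# The URL from the post above.
URL = ("http://www.altavista.com/image/results?q=%3C/title%3E%3Cscript%3E"
       "alert(document.cookie)%3C/script%3E")

if __name__ == "__main__":
    q = query_from_url(URL)
    print("decoded q:", q)
    print("vulnerable reflects script:", has_live_script(render_vulnerable(q)))
    print("hardened reflects script:  ", has_live_script(render_hardened(q)))
    print(render_hardened(q))
```

Encoding has to happen at output time and for the context the value lands in; the same q value also reaches the attribute in this template, which is why quotes are encoded as well.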

Moral: searching for images, audio, video and news can be dangerous.

Note that the AltaVista engine belongs to Yahoo! Inc., so Yahoo is also responsible for these vulnerabilities (as for their own in MOSEB-02).

P.S.

I have also prepared another hole concerning AltaVista, so wait for today’s bonus post ;-)


2 responses to “MOSEB-12: Vulnerabilities at www.altavista.com”

  1. nikaury says:

    5t :oops: :P :roll: :cry: :o :?

  2. MustLive says:

    nikaury

    Yahoo fixed these holes already (in June).
